Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/05/17 9:4 p.m.12 views

CVE-2023-6541

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.1CVSS5.9AI score0.00319EPSS
Exploits2References3
NVD
NVD
added 2025/05/15 8:15 p.m.6 views

CVE-2023-6541

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.1CVSS0.00319EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/05/15 8:9 p.m.14 views

CVE-2023-6541 Allow SVG < 1.2.0 - Author+ Stored XSS via SVG

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

0.00319EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:9 p.m.8 views

CVE-2023-6541 Allow SVG < 1.2.0 - Author+ Stored XSS via SVG

The Allow SVG WordPress plugin before 1.2.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads...

6.1AI score0.00319EPSS
Exploits2References1
CVE
CVE
added 2025/05/15 8:9 p.m.53 views

CVE-2023-6541

The CVE-2023-6541 entry concerns the WordPress Allow SVG plugin prior to 1.2.0, where uploaded SVGs are not sanitized, enabling stored XSS via SVG payloads uploaded by users with as little as Author privileges. Impact is cross-site scripting with low to moderate severity per sources; remediation:...

6.1CVSS9.2AI score0.00319EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2024/01/29 12:0 a.m.9 views

WordPress Allow SVG Plugin < 1.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Allow SVG Type Plugin Vulnerable versions 1.2.0 Fixed in 1.2.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-6541 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e1ff41df5c9e Credits Bob Matyas Required privilege...

5.8AI score0.00319EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder